
Re: DHCP Mac address



Jochen Schulz wrote:


> Yes, I think every DHCP server allows that. If you're not too familiar
> with these things, I suggest you use dnsmasq, which primarily is a DNS
> server (as the name suggests), but it can also act as a DHCP server.
> This makes it very easy to do DNS resolution for DHCP clients (even
> with dynamic IPs).

Well, I have already used bind9 and DHCP for quite some time now. Always been very pleased with both. And using BIND makes it easy to share the administration burden with other sysadmins, since BIND is the standard. Or at least the most used.

And making DHCP3 add the hostnames/IP addresses to BIND is not that hard, and is already set up.


> To answer your question for dnsmasq (at least partly): just comment out
> the option "read-ethers" in the example configuration and create a
> hosts style file named /etc/ethers. See 'man 5 ethers' for an example.
> This will give the same IPs to clients with a specific MAC address.
>
> As some others already have noted, MAC filtering for security reasons is
> almost useless. It is very easy to spoof a MAC address if someone is
> already able to sniff some traffic (WEP encryption in wireless LANs
> doesn't help very much against that, either).

Ah so true!
MAC address security is just as good as no security, but security as to who gets access to the wired LAN (we have no wireless LAN) is already taken care of in other ways.

I just want to make sure that people who bring in laptops of their own do not get access to the Internet or even to the LAN at all.

And even if they know how to get around it, they will at least know that they are doing something they are not supposed to do.

Plus I check the logs regularly; the access attempt together with the socket number will tell me who probably tried some mischief.

The way I'm doing it now is adding a new accepted computer like this:

host name {
	hardware ethernet 00:00:00:00:00:e1;
}

etc.

It works, but is administrator heavy. Which is why I wanted to know if those hardware addresses can be added to a file, which I can then write a CGI script for, to update via special IT pages on our intranet.

If I want to do such a thing now, I'd have to recreate the actual dhcp3 config file (DANGEROUS) every time via such a CGI script. And then even restarting the DHCP server...

Thanks again for thinking with me!
--
Make everything as simple as possible,
Not any simpler though.
Mark Maas
Systems Admin, Amsterdam
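
An added example, not part of the original post: one way to keep the MAC list in its own file and generate host declarations of the form shown above, with strict validation so that input from an intranet form cannot inject braces or statements into the DHCP configuration. It assumes dhcpd.conf pulls in the generated file with an `include` statement; the function names, the "hostname MAC" file format and the sample entries are hypothetical.

```python
import os
import re
import tempfile

# Strict patterns: anything else is rejected, so form input can never carry
# braces, semicolons or extra statements into the generated file.
HOST_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")
MAC_RE = re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}")

# Constructed sample allowlist: one "hostname MAC" pair per line.
SAMPLE = "reception 00:00:00:00:00:E1\nlab-pc2 00:00:00:00:00:e2  # spare\n"


def parse_allowlist(text):
    """Parse 'hostname MAC' lines; return (entries, errors)."""
    entries, errors, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].lower().split()
        if not fields:
            continue  # blank or comment-only line
        ok = (len(fields) == 2 and HOST_RE.fullmatch(fields[0])
              and MAC_RE.fullmatch(fields[1]) and not seen & set(fields))
        if not ok:  # malformed, or a duplicate hostname/MAC
            errors.append(f"line {lineno}: rejected {raw!r}")
            continue
        seen.update(fields)
        entries.append((fields[0], fields[1]))
    return entries, errors


def render_hosts(entries):
    """Render host declarations in the form used in the post."""
    return "".join(f"host {name} {{\n\thardware ethernet {mac};\n}}\n"
                   for name, mac in entries)


def write_include(allowlist_text, out_path):
    """Write the include file atomically; write nothing if any line is bad."""
    entries, errors = parse_allowlist(allowlist_text)
    if errors:
        raise ValueError("; ".join(errors))
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(out_path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write(render_hosts(entries))
    os.chmod(tmp, 0o644)       # assumption: world-readable is acceptable here
    os.replace(tmp, out_path)  # the server never sees a half-written file
    return len(entries)
```

The hand-maintained dhcpd.conf stays untouched and only references the generated file; dhcpd reads its configuration at startup, so a restart is still needed after the file changes.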

